このページの内容

関連コンテンツ

お困りですか?

The new fully-featured REST API is designed for use by client applications and provides a foundation for future work. Having built the API, we used it to rework Crowd's Apache and Subversion connectors. Another focus of this release is the improved performance provided by the new database-backed caching, LDAP connection pooling and Apache/Subversion connectors.

Upgrading to Crowd 2.1

Highlights of Crowd 2.1

REST API

Crowd 2.1 introduces a new set of REST APIs for use by applications connecting to Crowd. This is especially good news for people developing a custom application connector.

The REST APIs offer the following features to client applications:

User authentication and SSO.

Updating a user's password.

Requesting a password reset.

A fully functional, comprehensive search API. Initially, the search API will be quite terse in construction as the queries will be an XML/JSON serialization of our internal search objects. We provide a Java client that assists in constructing the queries.

In addition, client applications can add, update, remove and retrieve the following entities from the user base:

Improved Apache and Subversion Connectors

Crowd 2.1 includes new in-process Apache and Subversion connectors, bringing improved performance and lower memory usage. In addition, the connectors now offer support for the following:

Nested groups.

SSO with Apache.

Subversion parent path configuration. The SVNParentPath directive allows you to put multiple Subversion repositories in a directory. This means that you can add and remove repositories without having to restart Apache. See the following pages from Version Control with Subversion: Path-based authorization and Subversion Apache configuration directives.

More platforms. We now provide a source distribution of the Apache and Subversion connectors. This means that you can build and deploy the connectors on the operating system of your choice.

Database-Backed Caching for All LDAP Directories

Earlier versions of Crowd provided in-memory caching for LDAP user and group data. In Crowd 2.1 the LDAP cache is stored in the Crowd database, resulting in significant performance improvements. Read-only queries will hit the database and not the LDAP server. Queries on LDAP data will perform as efficiently as queries on the Crowd internal directory. This is particularly useful for large LDAP servers which may respond poorly to searches for users.

Other features:

You can execute complex searches like "find me all the users starting with 'a' that have an email address containing '@example.com'".

You can store and query custom attributes for users and groups in LDAP directories as well as in Crowd internal directories. Note that the custom attributes are stored in the Crowd database, not LDAP.

Database-backed caching is available for all LDAP servers. The earlier in-memory model worked only with Microsoft Active Directory and ApacheDS.

LDAP Connection Pooling

Crowd now supports connection pooling for your LDAP servers. The LDAP service provider maintains a pool of connections and assigns them as needed. When a connection is closed, LDAP returns the connection to the pool for future use. See the documentation.

Connection pooling cuts the overhead of making the LDAP connection. Sites using Active Directory with SSL will see performance on par with an unsecured connection. This is an order of magnitude improvement over Crowd 2.0.

Secure Password Resets

When someone has forgotten their password, Crowd no longer sends them a new password. Instead it sends them a unique, random URL and prompts them to choose their own new password. There are a number of advantages to the new workflow:

Crowd uses a secure algorithm to generate the unique, random URL for the user concerned.

Users can ensure that their new password matches the directory regex pattern, where relevant.